You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2021/01/27 19:25:33 UTC
[VOTE] Release Apache Tomcat 8.5.62
The proposed Apache Tomcat 8.5.62 release is now available for voting.
The notable changes compared to the 8.5.61 release are:
- Add a new StringInterpreter interface that allows applications to
provide customised string attribute value to type conversion within
JSPs. This allows applications to provide a conversion
implementation that is optimised for the application.
- Add peerAddress to coyote request, which contains the IP address of
the direct connection peer. If a reverse proxy sits in front of
Tomcat and the protocol used is AJP or HTTP in combination with the
RemoteIp(Valve|Filter), the peer address might differ from the
remoteAddress. The latter then contains the address of the client in
front of the reverse proxy, not the address of the proxy itself.
- Escape elements in the access log that need to be escaped for the
access log to be parsed unambiguously.
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.62/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1294/
The tag is:
https://github.com/apache/tomcat/tree/8.5.62
0c41d44e32bc4479f0de02e6eb29bb703549a05c
The proposed 8.5.62 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.62
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE][OT] Release Apache Tomcat 8.5.62
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 1/27/21 14:25, Mark Thomas wrote:
> - Add peerAddress to coyote request, which contains the IP address of
> the direct connection peer. If a reverse proxy sits in front of
> Tomcat and the protocol used is AJP or HTTP in combination with the
> RemoteIp(Valve|Filter), the peer address might differ from the
> remoteAddress. The latter then contains the address of the client in
> front of the reverse proxy, not the address of the proxy itself.
I had to read this 3 times to make sense of it. And it does make sense.
We might want to simplify this lagnuage for a wider announcement. How
about this:
- Add a peerAddress to coyote request, which contains the IP address of
the direct connection peer. This allows other components in Tomcat
to make decisions based upon the direct peer's IP address instead of
the client's IP address. This is especially useful when locking-down
Tomcat to allow any client, but only if they are connecting through
a trusted reverse-proxy.
Another comment:
There is some overlap here with RemoteIPValve/Filter which already
handles understands how to interpret X-Forwarded-* HTTP headers to trust
a reverse-proxy. But you can't use RemoteIPValve/Filter to e.g. force
all users through the proxy with this feature.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.62
Posted by Martin Grigorov <mg...@apache.org>.
On Wed, Jan 27, 2021 at 9:25 PM Mark Thomas <ma...@apache.org> wrote:
> The proposed Apache Tomcat 8.5.62 release is now available for voting.
>
> The notable changes compared to the 8.5.61 release are:
>
> - Add a new StringInterpreter interface that allows applications to
> provide customised string attribute value to type conversion within
> JSPs. This allows applications to provide a conversion
> implementation that is optimised for the application.
>
> - Add peerAddress to coyote request, which contains the IP address of
> the direct connection peer. If a reverse proxy sits in front of
> Tomcat and the protocol used is AJP or HTTP in combination with the
> RemoteIp(Valve|Filter), the peer address might differ from the
> remoteAddress. The latter then contains the address of the client in
> front of the reverse proxy, not the address of the proxy itself.
>
> - Escape elements in the access log that need to be escaped for the
> access log to be parsed unambiguously.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.62/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1294/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.62
> 0c41d44e32bc4479f0de02e6eb29bb703549a05c
>
> The proposed 8.5.62 release is:
> [ ] Broken - do not release
> [ X ] Stable - go ahead and release as 8.5.62
>
Regards,
Martin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
Re: [VOTE] Release Apache Tomcat 8.5.62
Posted by Mark Thomas <ma...@apache.org>.
On 27/01/2021 19:25, Mark Thomas wrote:
> On 27/01/2021 19:25, Mark Thomas wrote:
>
>> The proposed 8.5.62 release is:
>> [X] Broken - do not release
>> [ ] Stable - go ahead and release as 8.5.62
Sorry all. I am changing my vote to broken and will be cancelling this
vote due to a regression I've just discovered in the fix for BZ 64110.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.62
Posted by Mark Thomas <ma...@apache.org>.
On 27/01/2021 19:25, Mark Thomas wrote:
> The proposed 8.5.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.62
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[VOTE][CANCELLED] Release Apache Tomcat 8.5.62
Posted by Mark Thomas <ma...@apache.org>.
This VOTE is cancelled due a to regression in the fix for BZ 64110 that
broke TLS in some scenarios.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.62
Posted by Rémy Maucherat <re...@apache.org>.
On Wed, Jan 27, 2021 at 8:25 PM Mark Thomas <ma...@apache.org> wrote:
> The proposed Apache Tomcat 8.5.62 release is now available for voting.
>
> The notable changes compared to the 8.5.61 release are:
>
> - Add a new StringInterpreter interface that allows applications to
> provide customised string attribute value to type conversion within
> JSPs. This allows applications to provide a conversion
> implementation that is optimised for the application.
>
> - Add peerAddress to coyote request, which contains the IP address of
> the direct connection peer. If a reverse proxy sits in front of
> Tomcat and the protocol used is AJP or HTTP in combination with the
> RemoteIp(Valve|Filter), the peer address might differ from the
> remoteAddress. The latter then contains the address of the client in
> front of the reverse proxy, not the address of the proxy itself.
>
> - Escape elements in the access log that need to be escaped for the
> access log to be parsed unambiguously.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.62/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1294/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.62
> 0c41d44e32bc4479f0de02e6eb29bb703549a05c
>
> The proposed 8.5.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.62
>
Rémy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>